search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
The test now works.
[gnutls.git] / tests / oprfi.c
blobbe190e36d97f89acb872966809ad6bb0eb95eec4
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
3 *
4 * Author: Simon Josefsson
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GNUTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 /* Parts copied from GnuTLS example programs. */
24
25 #if HAVE_CONFIG_H
26 # include <config.h>
27 #endif
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <sys/types.h>
33 #include <netinet/in.h>
34 #include <sys/socket.h>
35 #include <sys/wait.h>
36 #include <arpa/inet.h>
37 #include <unistd.h>
38 #include <gnutls/gnutls.h>
39
40 #include "utils.h"
41
42 static void
43 tls_log_func (int level, const char *str)
44 {
45 fprintf (stderr, "|<%d>| %s", level, str);
46 }
47
48 /* A very basic TLS client, with anonymous authentication.
49 */
50
51 #define MAX_BUF 1024
52 #define MSG "Hello TLS"
53
54 /* Connects to the peer and returns a socket
55 * descriptor.
56 */
57 int
58 tcp_connect (void)
59 {
60 const char *PORT = "5556";
61 const char *SERVER = "127.0.0.1";
62 int err, sd;
63 struct sockaddr_in sa;
64
65 /* connects to server
66 */
67 sd = socket (AF_INET, SOCK_STREAM, 0);
68
69 memset (&sa, '\0', sizeof (sa));
70 sa.sin_family = AF_INET;
71 sa.sin_port = htons (atoi (PORT));
72 inet_pton (AF_INET, SERVER, &sa.sin_addr);
73
74 err = connect (sd, (struct sockaddr *) &sa, sizeof (sa));
75 if (err < 0)
76 {
77 fprintf (stderr, "Connect error\n");
78 exit (1);
79 }
80
81 return sd;
82 }
83
84 /* closes the given socket descriptor.
85 */
86 void
87 tcp_close (int sd)
88 {
89 shutdown (sd, SHUT_RDWR); /* no more receptions */
90 close (sd);
91 }
92
93 void
94 client (void)
95 {
96 int ret, sd, ii;
97 gnutls_session_t session;
98 char buffer[MAX_BUF + 1];
99 gnutls_anon_client_credentials_t anoncred;
100 /* Need to enable anonymous KX specifically. */
101 const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
102
103 gnutls_global_init ();
104
105 gnutls_global_set_log_function (tls_log_func);
106 gnutls_global_set_log_level (4711);
107
108 gnutls_anon_allocate_client_credentials (&anoncred);
109
110 /* Initialize TLS session
111 */
112 gnutls_init (&session, GNUTLS_CLIENT);
113
114 /* Use default priorities */
115 gnutls_set_default_priority (session);
116 gnutls_kx_set_priority (session, kx_prio);
117
118 /* put the anonymous credentials to the current session
119 */
120 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
121
122 gnutls_oprfi_enable_client (session, 3, "foo");
123
124 /* connect to the peer
125 */
126 sd = tcp_connect ();
127
128 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
129
130 /* Perform the TLS handshake
131 */
132 ret = gnutls_handshake (session);
133
134 if (ret < 0)
135 {
136 fail ("client: Handshake failed\n");
137 gnutls_perror (ret);
138 goto end;
139 }
140 else
141 {
142 success ("client: Handshake was completed\n");
143 }
144
145 success ("client: TLS version is: %s\n",
146 gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
147
148 gnutls_record_send (session, MSG, strlen (MSG));
149
150 ret = gnutls_record_recv (session, buffer, MAX_BUF);
151 if (ret == 0)
152 {
153 success ("client: Peer has closed the TLS connection\n");
154 goto end;
155 }
156 else if (ret < 0)
157 {
158 fail ("client: Error: %s\n", gnutls_strerror (ret));
159 goto end;
160 }
161
162 printf ("- Received %d bytes: ", ret);
163 for (ii = 0; ii < ret; ii++)
164 {
165 fputc (buffer[ii], stdout);
166 }
167 fputs ("\n", stdout);
168
169 gnutls_bye (session, GNUTLS_SHUT_RDWR);
170
171 end:
172
173 tcp_close (sd);
174
175 gnutls_deinit (session);
176
177 gnutls_anon_free_client_credentials (anoncred);
178
179 gnutls_global_deinit ();
180 }
181
182 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
183 */
184
185 #define SA struct sockaddr
186 #define MAX_BUF 1024
187 #define PORT 5556 /* listen to 5556 port */
188 #define DH_BITS 1024
189
190 /* These are global */
191 gnutls_anon_server_credentials_t anoncred;
192
193 int
194 oprfi_callback (gnutls_session_t session,
195 void *userdata,
196 size_t oprfi_len,
197 const unsigned char *in_oprfi,
198 unsigned char *out_oprfi)
199 {
200 size_t i;
201
202 puts("cb");
203
204 for (i = 0; i < oprfi_len; i++)
205 printf ("OPRF[%d]: %02x %03d %c\n", i, in_oprfi[i],
206 in_oprfi[i], in_oprfi[i]);
207
208 memset (out_oprfi, 42, oprfi_len);
209
210 return 0;
211 }
212
213 gnutls_session_t
214 initialize_tls_session (void)
215 {
216 gnutls_session_t session;
217 const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
218
219 gnutls_init (&session, GNUTLS_SERVER);
220
221 /* avoid calling all the priority functions, since the defaults
222 * are adequate.
223 */
224 gnutls_set_default_priority (session);
225 gnutls_kx_set_priority (session, kx_prio);
226
227 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
228
229 gnutls_dh_set_prime_bits (session, DH_BITS);
230
231 gnutls_oprfi_enable_server (session, oprfi_callback, NULL);
232
233 return session;
234 }
235
236 static gnutls_dh_params_t dh_params;
237
238 static int
239 generate_dh_params (void)
240 {
241 const gnutls_datum_t p3 = { pkcs3, strlen (pkcs3) };
242 /* Generate Diffie Hellman parameters - for use with DHE
243 * kx algorithms. These should be discarded and regenerated
244 * once a day, once a week or once a month. Depending on the
245 * security requirements.
246 */
247 gnutls_dh_params_init (&dh_params);
248 return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
249 }
250
251 int err, listen_sd, i;
252 int sd, ret;
253 struct sockaddr_in sa_serv;
254 struct sockaddr_in sa_cli;
255 int client_len;
256 char topbuf[512];
257 gnutls_session_t session;
258 char buffer[MAX_BUF + 1];
259 int optval = 1;
260
261 void
262 server_start (void)
263 {
264 /* this must be called once in the program
265 */
266 gnutls_global_init ();
267
268 gnutls_global_set_log_function (tls_log_func);
269 gnutls_global_set_log_level (4711);
270
271 gnutls_anon_allocate_server_credentials (&anoncred);
272
273 success ("Launched, generating DH parameters...\n");
274
275 generate_dh_params ();
276
277 gnutls_anon_set_server_dh_params (anoncred, dh_params);
278
279 /* Socket operations
280 */
281 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
282 if (err == -1)
283 {
284 perror ("socket");
285 fail ("server: socket failed\n");
286 return;
287 }
288
289 memset (&sa_serv, '\0', sizeof (sa_serv));
290 sa_serv.sin_family = AF_INET;
291 sa_serv.sin_addr.s_addr = INADDR_ANY;
292 sa_serv.sin_port = htons (PORT); /* Server Port number */
293
294 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
295
296 err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
297 if (err == -1)
298 {
299 perror ("bind");
300 fail ("server: bind failed\n");
301 return;
302 }
303
304 err = listen (listen_sd, 1024);
305 if (err == -1)
306 {
307 perror ("listen");
308 fail ("server: listen failed\n");
309 return;
310 }
311
312 success ("server: ready. Listening to port '%d'.\n", PORT);
313 }
314
315 void
316 server (void)
317 {
318 client_len = sizeof (sa_cli);
319
320 session = initialize_tls_session ();
321
322 sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
323
324 success ("server: connection from %s, port %d\n",
325 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
326 sizeof (topbuf)), ntohs (sa_cli.sin_port));
327
328 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
329 ret = gnutls_handshake (session);
330 if (ret < 0)
331 {
332 close (sd);
333 gnutls_deinit (session);
334 fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
335 return;
336 }
337 success ("server: Handshake was completed\n");
338
339 success ("server: TLS version is: %s\n",
340 gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
341
342 /* see the Getting peer's information example */
343 /* print_info(session); */
344
345 i = 0;
346 for (;;)
347 {
348 bzero (buffer, MAX_BUF + 1);
349 ret = gnutls_record_recv (session, buffer, MAX_BUF);
350
351 if (ret == 0)
352 {
353 success ("server: Peer has closed the GNUTLS connection\n");
354 break;
355 }
356 else if (ret < 0)
357 {
358 fail ("server: Received corrupted data(%d). Closing...\n", ret);
359 break;
360 }
361 else if (ret > 0)
362 {
363 /* echo data back to the client
364 */
365 gnutls_record_send (session, buffer, strlen (buffer));
366 }
367 }
368 /* do not wait for the peer to close the connection.
369 */
370 gnutls_bye (session, GNUTLS_SHUT_WR);
371
372 close (sd);
373 gnutls_deinit (session);
374
375 close (listen_sd);
376
377 gnutls_anon_free_server_credentials (anoncred);
378
379 gnutls_global_deinit ();
380
381 success ("server: finished\n");
382 }
383
384 void
385 doit (void)
386 {
387 pid_t child;
388
389 server_start ();
390 if (error_count)
391 return;
392
393 child = fork ();
394 if (child < 0)
395 {
396 perror ("fork");
397 fail ("fork");
398 return;
399 }
400
401 if (child)
402 {
403 int status;
404 /* parent */
405 server ();
406 wait (&status);
407 }
408 else
409 client ();
410 }
Implementation of the SSL/TLS protocol